Re: [htdig] Indexing Restricted Pages


Subject: Re: [htdig] Indexing Restricted Pages
From: Albert Lunde (Albert-Lunde@northwestern.edu)
Date: Thu Dec 21 2000 - 13:14:57 PST


> > >Thanks for your suggestion. Is it possible to use an .htaccess file to
> > >restrict access by username?
> So is it then not possible to use the .htaccess file to permit access to the
> Web pages without username and password by just the htdig process or just one
> username's processes while still requiring username and password for all other
> accesses?

You can allow access without a password from a given IP address or
host name(s), while requiring a password from everywhere else.

This is what "satisfy any" (previously mentioned by someone else)
is for; it allows access when either of two authentication
methods (specified with both "allow" and "require") succeeds.

Another example (from something I used to restrict an entire virtual host;
you can put similar stuff in <Location>, <Directory> or
in a .htaccess file):

<Location / >
    order deny,allow
    deny from all
    allow from host.example.com
    AuthType Basic
    AuthUserFile /opt/local/httpd/passwords/proto-htpass
    AuthName "Restricted Pages"
    require valid-user
    satisfy any
</Location>

The Apache server has no good way to know what requests come from
"one username" or "just the htdig process". Apache authentication
doesn't use the ident/auth username or user-agent, which are the
closest things to proxies for that information, because they are
quite insecure and spoofable.
 
> > Well, this is the point of authentication methods. You could
> > certainly make a username/password pair for htdig alone.
> Do you specify a different Web username and password combination for htdig to
> use from what other processes use? How does one do that? Can this be set up
> in the .htaccess file?

Read the Apache documentation on mod_access, mod_auth, satisfy, require
and htpasswd.

also see:
http://www.apacheweek.com/features/userauth

I think you can do it in .htaccess if the "AllowOverride" setting in the
server configuration is "All" or includes "AuthConfig" and "Limit".

These are mostly Apache issues, not htdig issues.

--
    Albert Lunde          Albert-Lunde@northwestern.edu (new address)
                          Albert-Lunde@nwu.edu (old address)
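
Added example (not part of the original message or of Apache's code): a simplified Python model of how the posted block combines the host rules with "require valid-user" under "satisfy any" versus "satisfy all". The Policy class, the function names, the sample client pc.example.net and the user name "htdig" are assumptions made for illustration; only the directives used in the post are modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    """One <Location>/.htaccess block, reduced to the directives in the post."""
    order: str = "deny,allow"
    deny: list = field(default_factory=list)
    allow: list = field(default_factory=list)
    require_valid_user: bool = False
    satisfy: str = "all"   # Apache's default when Satisfy is absent

def _matches(patterns, host):
    # "all" matches every client; a name matches itself or any host below it
    return any(p == "all" or host == p or host.endswith("." + p) for p in patterns)

def host_ok(policy, host):
    denied, allowed = _matches(policy.deny, host), _matches(policy.allow, host)
    if policy.order == "deny,allow":
        return allowed or not denied   # Allow overrides Deny; default is allow
    return allowed and not denied      # "allow,deny": Deny overrides; default is deny

def decide(policy, host, user=None):
    """Return the HTTP status for a request. `user` is the name that passed
    Basic authentication against AuthUserFile, or None if none did."""
    h = host_ok(policy, host)
    if not policy.require_valid_user:
        return 200 if h else 403
    u = user is not None
    if policy.satisfy == "any":
        return 200 if (h or u) else 401   # either check is enough
    if not h:
        return 403                        # "all": host rule fails outright
    return 200 if u else 401

# The configuration from the post (host name as given there).
POSTED = Policy(deny=["all"], allow=["host.example.com"],
                require_valid_user=True, satisfy="any")

if __name__ == "__main__":
    # Constructed sample requests: (client host, authenticated user or None)
    for host, user in [("host.example.com", None), ("pc.example.net", None),
                       ("pc.example.net", "htdig")]:
        print(host, user, decide(POSTED, host, user))
```

The decision takes only the client host and the authenticated user as inputs; the User-Agent and ident name are not part of it.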




This archive was generated by hypermail 2b28 : Thu Dec 21 2000 - 13:25:33 PST